Naked Security

US military given the power to hack back/defend forward

The new preventative cybersecurity powers include potentially acting against countries considered friendly toward the US - a risky move, some say.

Hacking back – what’s also called offensive hacking, or what the Defense Department is calling “defending forward” in its new cyber strategy, or what we can think of as plain old “attacking” but without the need for the military to get an OK from the president’s National Security Council – is back.
The new version of cyber strategy, first reported by CNN on Tuesday, says that the Department of Defense (DoD) will “defend forward” to confront threats before they reach US networks: in other words, the military has gained the power to launch “preventative” cyberattacks, be they to protect election systems or the energy grid.

Our primary role in this homeland defense mission is to defend forward by leveraging our focus outward to stop threats before they reach their targets.

“The United States cannot afford inaction,” the summary reads. As it is, the US is in a “long-term strategic competition” with China and Russia, it says, which have both launched persistent cyber campaigns that pose “long-term” risk to the country, its allies and its partners.

References to state-sponsored hacks

The strategy references China-sponsored hacking and Russian tinkering with US elections and US discourse.
North Korea also rated a mention. Earlier this month, the US unsealed a criminal complaint that charged a North Korea regime-backed programmer with multiple devastating cyberattacks, including the global WannaCry 2.0 ransomware in 2017, the 2014 attack on Sony Pictures, and the $81m cyber heist in 2016 that drained Bangladesh’s central bank.


From the new strategy, which is the DoD’s first formal cyber strategy document in three years:

China is eroding U.S. military overmatch and the Nation’s economic vitality by persistently exfiltrating sensitive information from U.S. public and private sector institutions. Russia has used cyber-enabled information operations to influence our population and challenge our democratic processes. Other actors, such as North Korea and Iran, have similarly employed malicious cyber activities to harm U.S. citizens and threaten U.S.

The new strategy gives the military the power to unleash attacks within countries that are allies, as it goes after hackers who use such countries’ networks as a launching pad for attacks against the US, CNN notes.

A risky move?

The new strategy gives the military the power to act far more independently than it has until recently. Previously, if the National Security Agency (NSA) observed Russian hackers building a network in a Western European country, the president’s National Security Council would have to sign off on action before it was taken.
Jason Healey, a senior research scholar at Columbia University and former George W. Bush White House cyber official, told CNN that this won’t be necessary from here on in.
It’s a risky move, Healey said:

It’s extremely risky to be doing this. If you loosen the rules of engagement, sometimes you’re going to mess that up.

The new strategy still prevents the US from attacking civilian infrastructure in other countries, citing a United Nations agreement “against damaging civilian critical infrastructure during peacetime.”
From the strategy:

The Department will work alongside its interagency and international partners to promote international commitments regarding behavior in cyberspace as well as to develop and implement cyber confidence building measures (CBM). When cyber activities threaten U.S. interests, we will contest them and we will be prepared to act, in conjunction with partners, to defend U.S. interests.

This is only the most recent of the Trump administration’s moves to give the military a longer leash when it comes to cyberwarfare. Last month, Washington rolled back an Obama-era directive that outlined how to launch cyberattacks on foreign soil.


11 Comments

What could possibly go wrong?

Sure there is a lot that could go wrong, but there was probably more wrong with the previous policy. Tactical level vs strategic level. At the strategic level this is a deterrent, at the tactical level, sure someone might make a mistake here or there, hopefully nothing major.

It’s a bad idea, strategically. [URL removed]

IDK how you could say strategically it’s a bad idea, when it’s been working so well for many parties. It also tends to work pretty well in other areas of National Security. BTW your URL was not posted, would have liked to see what that was.

There are a number of reasons it’s a bad idea strategically. The most obvious is when governments hoard zero days and tools and then get hacked themselves, e.g., Shadow Brokers, NSA, CIA, etc. There’s also the issue of tools going beyond what was intended, which is why we know of Stuxnet. Schneier on Security can provide more detail if you wish.

Things are already very wrong. Adversaries are draining the country of billions in productivity and intellectual property. Taking steps such as these is how we go about fixing it.

Sadly, militarizing security makes everyone less secure. It means governments hoarding zero days and then those exploits getting in the wild, as happened with the Shadow Brokers, Stuxnet, and elsewhere. One problem is there is a certain class of people that think the military is the solution to every problem. Securing the Internet is precisely the kind of situation where military solutions are limited, often doing more harm than good.

“NSA) observed Russian hackers building a network” Hey, where did you get that hub, bub? Next week in the news: Home networks to require permits, All networking equipment to be registered with the government. Limits set on how many Ethernet cables you can buy at a time. Large port switches to be banned, limit of 3 ports per switch to prevent mass hacking.
